Testing is the process of executing the code of a software product with the intention of finding defects. Security testing, by contrast, is performed to check whether information can leak from the application, a concern addressed by encrypting the application's data and by deploying a wide range of software, hardware, firewalls and similar controls. Security testing focuses on the aspects of a system that relate not to application functionality but to the confidentiality, integrity and availability of applications. It is commonly referred to as nonfunctional requirements testing, which is used to determine the quality, security and resiliency aspects of software and is based on the belief that nonfunctional requirements represent not what software is meant to do but how the software should do it.
- Authentication: Authentication is the process by which the system validates a user's logon information. The user's name and password are compared to an authorized list, and if the system detects a match, access is granted to the extent specified in the permission list for that user. In short, it is the process of determining whether someone or something is in fact who or what it is declared to be. Testing the authentication schema means understanding how the authentication process works and using that information to circumvent the authentication mechanism. Authentication also allows a receiver to have confidence that the information it receives originated from a specific, known source.
- Authorization: The mechanism by which a system determines what level of access a particular authenticated user should have to the secured resources it controls. For example, a database management system might be designed to give certain specified individuals the ability to retrieve information from a database but not the ability to change the data stored in it, while giving other individuals the ability to change data. Authorization is thus the determination that a requester is allowed to receive a service or perform an operation.
- Confidentiality: A security measure that protects data or information against disclosure to parties other than the intended ones. The confidentiality service protects sensitive information from unauthorized disclosure.
- Integrity: Assurance that the intended receiver receives information or data that has not been altered in transmission. Integrity schemes often use some of the same underlying technologies as confidentiality schemes, but they usually involve adding additional information to a communication to form the basis of an algorithmic check, rather than encoding all of the communication.
- Non-repudiation: The non-repudiation service can be viewed as an extension of the identification and authentication service.
- Availability: Confirms whether the information is available to an authorized user, assuring that information and communication services will be ready for use when expected.
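As an added illustration that is not part of the original text, the following Python model ties together the authentication, authorization and integrity items above: a user name and password compared against a stored authorized list, a per-user permission list that separates retrieving data from changing it, and a keyed tag appended to a message so that alteration is detected without encoding the whole message. All user records, passwords and keys are constructed sample values.

```python
import hashlib
import hmac
import os


def _hash_pw(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def _record(password: str, perms: set) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash_pw(password, salt), "perms": perms}


# Constructed authorized list: salted password hashes plus per-user permissions.
# The analyst may only retrieve data; the dba may also change it.
USERS = {
    "analyst": _record("correct horse", {"read"}),
    "dba": _record("battery staple", {"read", "write"}),
}
INTEGRITY_KEY = os.urandom(32)  # constructed key shared by sender and receiver


def authenticate(username: str, password: str) -> bool:
    """Compare the submitted logon information with the stored record."""
    user = USERS.get(username)
    if user is None:
        return False
    return hmac.compare_digest(_hash_pw(password, user["salt"]), user["hash"])


def authorize(username: str, action: str) -> bool:
    """Consult the permission list: what may this authenticated user do?"""
    return action in USERS.get(username, {}).get("perms", set())


def protect(message: bytes) -> bytes:
    """Append a keyed tag; the message stays readable, only alteration is detectable."""
    return message + hmac.new(INTEGRITY_KEY, message, "sha256").digest()


def verify(protected: bytes):
    """Recompute the 32-byte tag over the received message; None means it was altered."""
    message, tag = protected[:-32], protected[-32:]
    expected = hmac.new(INTEGRITY_KEY, message, "sha256").digest()
    return message if hmac.compare_digest(tag, expected) else None


def request(username: str, password: str, action: str, payload: bytes) -> str:
    """Gate one request through all three checks and name the first that fails."""
    if not authenticate(username, password):
        return "authentication failed"
    if not authorize(username, action):
        return "authorization failed"
    if verify(payload) is None:
        return "integrity check failed"
    return "ok"
```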
Security testing confirms that only authorized personnel can access the program and that those personnel can access the functions available to their security level. It tests how well the system is protected against unauthorized internal or external access or willful damage. In short, security testing is the process of determining that an information system protects data and maintains functionality as intended.